From fdeedc4034a0ab88434e3e3ed712d176f36ab000 Mon Sep 17 00:00:00 2001
From: Quentin Ruhier
Date: Wed, 6 May 2026 10:44:25 +0200
Subject: [PATCH] fix: oidc scope
---
 .env | 3 ++-
 CHANGELOG.md | 6 ++++++
 src/libs/i18n/auth/oidc.ts | 5 +++++
 src/vite-env.d.ts | 1 +
 4 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/.env b/.env
index 9c470ea..c21eff4 100644
--- a/.env
+++ b/.env
@@ -5,4 +5,5 @@ VITE_IDENTITY_PROVIDER=
 VITE_OIDC_ISSUER=
 VITE_OIDC_ENABLED=false
 VITE_OIDC_CLIENT_ID=
-
+# oidc scopes used to retrieve roles and other jwt attribute (e.g. "profile,roles")
+VITE_OIDC_SCOPES=profile,roles
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 58449e4..e28b915 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+### Changed
+
+- Authentication:
+ - retrive scopes for jwt token
+ - new env variable: `VITE_OIDC_SCOPES` (default value `"profile,roles"`)
+
 ## [1.0.2](https://github.com/InseeFr/walking-papers/releases/tag/1.0.2) - 2026-03-03
 ### Added
diff --git a/src/libs/i18n/auth/oidc.ts b/src/libs/i18n/auth/oidc.ts
index a2e26e8..a9f3b25 100644
--- a/src/libs/i18n/auth/oidc.ts
+++ b/src/libs/i18n/auth/oidc.ts
@@ -8,6 +8,10 @@ const decodedIdTokenSchema = z.object({
 preferred_username: z.string(),
 })
+const oidcScopes = (import.meta.env.VITE_OIDC_SCOPES || 'profile,roles').split(
+ ',',
+)
+
 export const { OidcProvider, useOidc, getOidc } =
 import.meta.env.VITE_OIDC_ENABLED === 'false'
 ? createMockReactOidc({
@@ -25,5 +29,6 @@ export const { OidcProvider, useOidc, getOidc } =
 clientId: import.meta.env.VITE_OIDC_CLIENT_ID,
 issuerUri: import.meta.env.VITE_OIDC_ISSUER,
 homeUrl: import.meta.env.BASE_URL,
+ scopes: oidcScopes,
 decodedIdTokenSchema,
 })
diff --git a/src/vite-env.d.ts b/src/vite-env.d.ts
index 4af9a32..de7a129 100644
--- a/src/vite-env.d.ts
+++ b/src/vite-env.d.ts
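Review bot: The added `const oidcScopes` declaration splits the variable with a bare `.split(',')`, so a value such as `profile, roles` or one with a trailing comma produces entries with a leading space or an empty string, and the second hunk passes them on as scope names via `scopes: oidcScopes`. Depending on the identity provider an unknown scope is either rejected or ignored, and in the second case the token just lacks the expected claims with no error to point at the cause. Normalising the list avoids that: `.split(',').map((s) => s.trim()).filter(Boolean)`. The `.env` comment could also say that the value is comma-separated without spaces, since OIDC itself writes scopes space-delimited.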
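Review bot: The new `scopes: oidcScopes` option requests extra claims, but nothing visible in this patch reads them: the tail of `decodedIdTokenSchema` shown in the previous hunk lists only `preferred_username`, so if roles are meant to come from the decoded ID token the schema presumably needs a matching field (its start is outside the hunk, so this is to be confirmed). Roles read in the browser are only display hints; the API has to enforce them itself from a validated access token. A comment on the line, e.g. `// scopes requested at login; keep to the minimum the app needs`, would record that intent. The enclosing `export const { OidcProvider, useOidc, getOidc } =` expression starts before this hunk.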
@@ -8,6 +8,7 @@ type ImportMetaEnv = {
 VITE_OIDC_ISSUER: string
 VITE_OIDC_ENABLED: string
 VITE_OIDC_CLIENT_ID: string
+ VITE_OIDC_SCOPES: string
 BASE_URL: string
 MODE: string
 DEV: boolean